Bug 476363 - neither su nor sudo works in Fedora 10
neither su nor sudo works in Fedora 10
Status: CLOSED CANTFIX
Product: Fedora
Classification: Fedora
Component: pam (Show other bugs)
10
i386 Linux
low Severity high
: ---
: ---
Assigned To: Tomas Mraz
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2008-12-13 11:54 EST by zachary charlop-powers
Modified: 2009-03-09 11:59 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2009-03-09 11:59:41 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
/etc/pam.d/system-auth (890 bytes, application/octet-stream)
2008-12-15 09:50 EST, zachary charlop-powers
no flags Details
/etc/pam.d/su (487 bytes, application/octet-stream)
2008-12-15 09:51 EST, zachary charlop-powers
no flags Details
/etc/pam.d/sudo (202 bytes, application/octet-stream)
2008-12-15 09:51 EST, zachary charlop-powers
no flags Details
/var/log/messages (145.87 KB, application/octet-stream)
2008-12-15 09:52 EST, zachary charlop-powers
no flags Details
/var/log/secure (3.19 KB, application/octet-stream)
2008-12-15 09:52 EST, zachary charlop-powers
no flags Details
/var/log/secure-20081214 (34.26 KB, application/octet-stream)
2008-12-15 09:55 EST, zachary charlop-powers
no flags Details

  None (edit)
Description zachary charlop-powers 2008-12-13 11:54:07 EST
Description of problem:
I cannot use root privileges from the terminal. If i type su or sudo, I am immedietely rejected without being prompted to enter my root password.

Version-Release number of selected component (if applicable): 
nss:3.12.2.0-3fc10
pam: 1.0.2-2.fc10


How reproducible: always


Steps to Reproduce:
1. open terminal
2. type su or type sudo 

  
Actual results: 

for su:
/home/zachcp/Desktop > su
su: incorrect password

for sudo:
/home/zachcp/Desktop > sudo yum
sudo: pam_acct_mgmt: 7
Sorry, try again.
sudo: pam_acct_mgmt: 7
Sorry, try again.
sudo: pam_acct_mgmt: 7
Sorry, try again.
sudo: 3 incorrect password attempts
/home/zachcp/Desktop > 



Expected results: Prompt for password. There is no prompt for password, only immediate rejection. If I use GUI-based programs that prompt me for su password there is no problem (system-config-display, yumex, etc..)


Additional info:
Comment 1 Tomas Mraz 2008-12-13 16:11:17 EST
What do you see related in /var/log/secure and /var/log/messages?
What is in your /etc/pam.d/system-auth, /etc/pam.d/su and /etc/pam.d/sudo?
Comment 2 zachary charlop-powers 2008-12-15 09:50:56 EST
Created attachment 326952 [details]
/etc/pam.d/system-auth
Comment 3 zachary charlop-powers 2008-12-15 09:51:20 EST
Created attachment 326953 [details]
/etc/pam.d/su
Comment 4 zachary charlop-powers 2008-12-15 09:51:48 EST
Created attachment 326954 [details]
/etc/pam.d/sudo
Comment 5 zachary charlop-powers 2008-12-15 09:52:18 EST
Created attachment 326955 [details]
/var/log/messages
Comment 6 zachary charlop-powers 2008-12-15 09:52:46 EST
Created attachment 326956 [details]
/var/log/secure
Comment 7 zachary charlop-powers 2008-12-15 09:55:15 EST
Created attachment 326957 [details]
/var/log/secure-20081214
Comment 8 zachary charlop-powers 2008-12-15 10:05:17 EST
i am not familiar with the /pam.d files but a cursory look at them makes me think they are okay. 

in the /var/log/secure-20081214 file I see a number of error messages to sudo and the error is a timestamp error. You can also see that when I have used a GUI to use a program with root priveleges (yumex, livna-config-display) the output will say something like this:

-- pam_timestamp(yumex:auth): timestamp file `/var/run/sudo/zachcp/unknown:root' is only 19 seconds old, allowing access to yumex for user zachcp

Additionally there is a recurrent error message around unix_chpwd:

--Dec 12 12:10:40 localhost sudo:   zachcp : pam_acct_mgmt: 7 ; TTY=pts/2 ; PWD=/home/zachcp ; USER=root ; COMMAND=/usr/bin/yum nmr4us
--Dec 12 12:10:41 localhost sudo: pam_unix(sudo:account): read unix_chkpwd output error 0: Success

Perhaps you have a suggestion but do you think ther would be a way to upate the timestamp on my '/var/run/sudo/zachcp/unknown' file? Perhaps "touch /var/run/sudo/zachcp/unknown" ?

thanks
Comment 9 zachary charlop-powers 2008-12-15 10:07:30 EST
also, FYI, this machine was not a clean install of Fedora 10. I was running rawhide and continually updated. Su was working until one of the updates, however.  To the best that I noticed, PAM and NSS updates were in the packeages updated right before my permissions issue started.
Comment 10 Tomas Mraz 2008-12-15 11:15:19 EST
The message about timestamp is just an informational message. But the unix_chkpwd message indicates a problem.

What 'rpm -V pam' prints? Run it as root of course.

Also is the problem still there if you temporarily switch SELinux to permissive mode by 'setenforce 0' ?
Comment 11 zachary charlop-powers 2008-12-15 11:36:41 EST
[root@localhost ~]# rpm -V pam
....L...  c /etc/pam.d/system-auth
S.5....T  c /etc/security/limits.conf


I will try the SELinux trick next
Comment 12 Tomas Mraz 2009-03-09 11:41:14 EDT
Did changing SELinux mode to permissive help?

Could you try to install the pam package from:
http://people.redhat.com/tmraz/testing/
and report what you see in /var/log/secure when you try su and sudo?
Comment 13 zachary charlop-powers 2009-03-09 11:49:54 EDT
Thanks Tom,

Changing SELinux did not help. I was unable to do much with the computer without root capability. I was also having a few other (related?) glitches in system performance. As I mentioned, this had been an incremental update of Rawhide, so I decided for a clean install at which point everything worked fine.
Comment 14 Tomas Mraz 2009-03-09 11:59:41 EDT
OK closing.

Note You need to log in before you can comment on or make changes to this bug.